This specification defines a profile for the use of X.509 Attribute
Certificates in Internet Protocols. Attribute certificates may be used in
a wide range of applications and environments covering a broad spectrum of
interoperability goals and a broader spectrum of operational and assurance
requirements. The goal of this document is to establish a common baseline
for generic applications requiring broad interoperability as well as
limited special purpose requirements. The profile places emphasis on
attribute certificate support for Internet electronic mail, IPsec, and WWW
security applications. This document obsoletes RFC 3281.
Working Group Summary
This ID was discussed on the mailing list and at multiple meetings. It is
a simple update to address known errata posted to the RFC editor and to
address an issue identified as a result of developing the
draft-ietf-pkix-authorityclearanceconstraints ID. The clearance attribute
object identifier didn't match the attribute's X.509 object identifier.
This document is an update of an existing draft and is comparable
in quality to its predecessor. Note that most of the changes listed in
Appendix C of the document are a result of the long lag time between
updates (e.g., reference updates).
Steve Kent is the document Shepherd. Tim Polk is the responsible
Security Area AD.
RFC Editor Note
This document is being forwarded for publication assuming that the
proposed update to the TLP will be completed by the IETF Trust prior
to completion of the RFC publication process. If that process does not
terminate successfully, please make the following substitution in
Appendix B, replacing RFC XXXX with the number assigned to this RFC:
DEFINITIONS IMPLICIT TAGS ::=
DEFINITIONS IMPLICIT TAGS ::=
-- Copyright (c) 2009 IETF Trust and the persons identified as
-- authors of the code. All rights reserved.
-- Redistribution and use in source and binary forms, with or without
-- modification, are permitted provided that the following conditions
-- are met:
-- - Redistributions of source code must retain the above copyright
-- notice, this list of conditions and the following disclaimer.
-- - Redistributions in binary form must reproduce the above copyright
-- notice, this list of conditions and the following disclaimer in
-- the documentation and/or other materials provided with the
-- - Neither the name of Internet Society, IETF or IETF Trust, nor the
-- names of specific contributors, may be used to endorse or promote
-- products derived from this software without specific prior
-- written permission.
-- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-- 'AS IS' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-- LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-- A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-- OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-- LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-- DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-- THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-- OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-- This code is part of RFC XXXX; see the RFC itself for full legal